You can mitigate flaws, including approving and rejecting existing mitigations, from within Eclipse.
Before you begin:
- You must have the Mitigation API role.
- You have imported the Veracode scan results, which appear in the Results view in Eclipse.
From within your IDE, you can comment on a flaw and set the mitigation status as:
- Potential false positive
- OS environment
- Network environment
- Mitigate by design
You can also accept or reject a flaw already flagged as mitigated.
To complete this task:
In your IDE, select Veracode > View Results.
From the Results window, in the Flaw ID column, select the checkbox next to one or more flaws that you want to mitigate.
From the Actions dropdown menu, select a mitigation action and select Mitigate.
In the Flaw Mitigation Request window, enter your comments.
If you see an access denied error message, check for these issues, resolve them, and try to mitigate again:
- There is a policy or sandbox scan in progress for the application.
- You are not working with the most recent scan results.
- You do not have the Mitigation API role.
- Another user has locked the flaw in the Veracode Platform.